summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-07-25 00:13:32 +0200
committerChristian Poessinger <christian@poessinger.com>2021-07-25 00:15:08 +0200
commit794fa2206659457ba45c6f476ba8b162460cdaad (patch)
tree5e61ed248198e590586933e7a6b779bf9eb6ec07 /interface-definitions
parent937f1e43ebb9b844b9b73584c3571a18d56bf529 (diff)
downloadvyos-1x-794fa2206659457ba45c6f476ba8b162460cdaad.tar.gz
vyos-1x-794fa2206659457ba45c6f476ba8b162460cdaad.zip
ipsec: T1210: add RADIUS authentication for remote-access IKEv2 VPN
set vpn ipsec remote-access connection rw authentication client-mode 'eap-radius' set vpn ipsec remote-access connection rw authentication id '192.0.2.1' set vpn ipsec remote-access connection rw authentication server-mode 'x509' set vpn ipsec remote-access connection rw authentication x509 ca-certificate 'CAcert_Class_3_Root' set vpn ipsec remote-access connection rw authentication x509 certificate 'vyos' set vpn ipsec remote-access connection rw esp-group 'ESP-RW' set vpn ipsec remote-access connection rw ike-group 'IKE-RW' set vpn ipsec remote-access connection rw local-address '192.0.2.1' set vpn ipsec remote-access connection rw pool 'ra-rw-ipv4' set vpn ipsec remote-access connection rw unique 'never' set vpn ipsec remote-access pool ra-rw-ipv4 name-server '192.0.2.2' set vpn ipsec remote-access pool ra-rw-ipv4 prefix '192.168.22.0/24' set vpn ipsec remote-access radius nas-identifier 'fooo' set vpn ipsec remote-access radius server 172.16.100.10 key 'secret'
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/vpn_ipsec.xml.in23
1 files changed, 19 insertions, 4 deletions
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index 858adb13a..165fdfdf3 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -703,18 +703,22 @@
<properties>
<help>Client authentication mode</help>
<completionHelp>
- <list>eap-tls eap-mschapv2</list>
+ <list>eap-tls eap-mschapv2 eap-radius</list>
</completionHelp>
<valueHelp>
<format>eap-tls</format>
- <description>EAP-TLS</description>
+ <description>Client uses EAP-TLS authentication</description>
</valueHelp>
<valueHelp>
<format>eap-mschapv2</format>
- <description>EAP-MSCHAPv2</description>
+ <description>Client uses EAP-MSCHAPv2 authentication</description>
+ </valueHelp>
+ <valueHelp>
+ <format>eap-radius</format>
+ <description>Client uses EAP-RADIUS authentication</description>
</valueHelp>
<constraint>
- <regex>^(eap-tls|eap-mschapv2)$</regex>
+ <regex>^(eap-tls|eap-mschapv2|eap-radius)$</regex>
</constraint>
</properties>
<defaultValue>eap-mschapv2</defaultValue>
@@ -872,6 +876,17 @@
#include <include/accel-ppp/name-server.xml.i>
</children>
</tagNode>
+ #include <include/radius-server-ipv4.xml.i>
+ <node name="radius">
+ <children>
+ #include <include/radius-nas-identifier.xml.i>
+ <tagNode name="server">
+ <children>
+ #include <include/accel-ppp/radius-additions-disable-accounting.xml.i>
+ </children>
+ </tagNode>
+ </children>
+ </node>
</children>
</node>
<node name="site-to-site">